Fake Google Store Apps infecting users with BankBot Anubis Malware

BankBot Anubis malware

An ongoing influx of questionable developers submitting fake Android apps on Google Play Store increased its scale, hinting at a widespread malicious group dedicated in mobile theft-terrorism. These fake apps exploit the mobile downloader feature and covertly install BankBot Anubis malware on their victims.

How did they got pass Google Play Store’s defense?

Hackers up their game by leaning towards development of malware downloaders, instead of apps infected with malware. Think of it this way: instead of uploading a malware at official app stores like Google (which has a higher malware detection rate thus lower distribution success for hackers), isn’t it more effective for them to upload fake apps without malware instead? This way, they get pass Google’s security barricade.

Now here’s the catch: these fake apps are equipped with downloaders – a feature common in every existing mobile app – and it’s where the infection comes from. Normally, downloaders are responsible for extra updates and downloadable packages, but malicious developers took advantage of this by hosting malware payloads instead.

It’s bad for Android consumers, since Google usually is fanatically followed by its users. They give out impression of impenetrability just because they’re official and legitimate. And due to this faulty way of thinking, unaware users just download everything without checking first if a particular app is safe or not. Hackers expected this mindset from people, which is why mobile malware downloaders are increasing in popularity nowadays.

From fake apps to banking trojan

These fake apps look real and legitimate, and range from online shopping to financial apps, or even an automotive one. When a victim unfortunately installs one, the fake app will ask users to install Bankbot Anubis (which is pretending to be Google Protect.) After saying yes to its admin permission request, the infection then comes into play.

Bankbot Anubis is a destructive banking trojan that, when installed, steals login credentials on financial apps, payment cards and e-wallets – a move known as “financial fraud“. Getting infected by it sure is ugly and business-damaging.

To prevent users from falling in their trap:

Don’t root or jailbreak your phone.

Don’t grant application admin permission. Legitimate mobile apps usually don’t ask for it.

Apps that’re asking for your location, SMS and call services – make sure they actually need these permissions.

 

About the author

Leave a Reply

Categories